Gory details

血腥细节

A DLL uses the PE executable format, and it's not too tricky to read that information out of the file.

DLL 使用 PE 可执行格式，从文件中读取该信息并不太难。

See this MSDN article on the PE File Formatfor an overview. You need to read the MS-DOS header, then read the IMAGE_NT_HEADERSstructure. This contains the IMAGE_FILE_HEADERstructure which contains the info you need in the Machine member which contains one of the following values

有关概述，请参阅有关 PE 文件格式的这篇MSDN 文章。您需要读取 MS-DOS 标头，然后读取IMAGE_NT_HEADERS结构。这包含IMAGE_FILE_HEADER结构，其中包含 Machine 成员中所需的信息，其中包含以下值之一

• IMAGE_FILE_MACHINE_I386 (0x014c)
• IMAGE_FILE_MACHINE_IA64 (0x0200)
• IMAGE_FILE_MACHINE_AMD64 (0x8664)

• IMAGE_FILE_MACHINE_I386 (0x014c)
• IMAGE_FILE_MACHINE_IA64 (0x0200)
• IMAGE_FILE_MACHINE_AMD64 (0x8664)

This information should be at a fixed offset in the file, but I'd still recommend traversing the file and checking the signature of the MS-DOS header and the IMAGE_NT_HEADERS to be sure you cope with any future changes.

此信息应该在文件中的固定偏移量处，但我仍然建议遍历文件并检查 MS-DOS 标头和 IMAGE_NT_HEADERS 的签名，以确保您能应对未来的任何更改。

Use ImageHelp to read the headers...

使用 ImageHelp 读取标题...

You can also use the ImageHelp APIto do this - load the DLL with LoadImageand you'll get a LOADED_IMAGEstructure which will contain a pointer to an IMAGE_NT_HEADERS structure. Deallocate the LOADED_IMAGE with ImageUnload.

您还可以使用ImageHelp API来做到这一点-加载使用DLL的LoadImage，你会得到一个LOADED_IMAGE结构，其中将包含一个指向IMAGE_NT_HEADERS结构。使用 ImageUnload 解除分配 LOADED_IMAGE。

...or adapt this rough Perl script

...或改编这个粗略的 Perl 脚本

Here's rough Perl script which gets the job done. It checks the file has a DOS header, then reads the PE offset from the IMAGE_DOS_HEADER 60 bytes into the file.

这是完成工作的粗略 Perl 脚本。它检查文件是否有 DOS 头，然后从 IMAGE_DOS_HEADER 60 字节读取 PE 偏移量到文件中。

It then seeks to the start of the PE part, reads the signature and checks it, and then extracts the value we're interested in.

然后它会寻找 PE 部分的开头，读取签名并检查它，然后提取我们感兴趣的值。

#!/usr/bin/perl
#
# usage: petype <exefile>
#
$exe = $ARGV[0];

open(EXE, $exe) or die "can't open $exe: $!";
binmode(EXE);
if (read(EXE, $doshdr, 64)) {

   ($magic,$skip,$offset)=unpack('a2a58l', $doshdr);
   die("Not an executable") if ($magic ne 'MZ');

   seek(EXE,$offset,SEEK_SET);
   if (read(EXE, $pehdr, 6)){
       ($sig,$skip,$machine)=unpack('a2a2v', $pehdr);
       die("No a PE Executable") if ($sig ne 'PE');

       if ($machine == 0x014c){
            print "i386\n";
       }
       elsif ($machine == 0x0200){
            print "IA64\n";
       }
       elsif ($machine == 0x8664){
            print "AMD64\n";
       }
       else{
            printf("Unknown machine type 0x%lx\n", $machine);
       }
   }
}

close(EXE);

A crude way would be to call dumpbin with the headers option from the Visual Studio tools on each DLL and look for the appropriate output:

一种粗略的方法是使用每个 DLL 上的 Visual Studio 工具中的 headers 选项调用 dumpbin 并查找适当的输出：

dumpbin /headers my32bit.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               1 number of sections
        45499E0A time date stamp Thu Nov 02 03:28:10 2006
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
            2102 characteristics
                   Executable
                   32 bit word machine
                   DLL

OPTIONAL HEADER VALUES
             10B magic # (PE32)

You can see a couple clues in that output that it is a 32 bit DLL, including the 14C value that Paul mentions. Should be easy to look for in a script.

您可以在该输出中看到一些线索，表明它是一个 32 位 DLL，包括 Paul 提到的 14C 值。应该很容易在脚本中查找。

If you have Cygwininstalled (which I strongly recommend for a variety of reasons), you could use the 'file' utility on the DLL

如果您安装了Cygwin（出于各种原因，我强烈建议您这样做），您可以在 DLL 上使用“文件”实用程序

file <filename>

which would give an output like this:

这将给出这样的输出：

icuuc36.dll: MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit

Dependency Walker tells all(well almost). http://www.dependencywalker.com/

Dependency Walker 告诉了所有（几乎）。 http://www.dependencywalker.com/

It does not "install" -just get it, extract it and run the exec. It works for any x32 or x64 windows module|application.

它不会“安装” - 只是获取它，提取它并运行 exec。它适用于任何 x32 或 x64 窗口模块|应用程序。

As I recall it is fairly straightforward to see all dependencies, i.e. the dll modules, and since the appl. is a sum of the dependencies one can ascertain if it is full x64, x32(x86) or a bit of each.

我记得查看所有依赖项非常简单，即 dll 模块，以及从 appl. 是依赖项的总和，可以确定它是完整的 x64、x32(x86) 还是每个的一部分。

Type of CPU that the module was built for is in the "CPU" column. Most 64-bit aps are still a bit of each but 32-bit ap w/b all x86.

构建模块的 CPU 类型在“CPU”列中。大多数 64 位 aps 仍然是每个但 32 位 ap w/b 所有 x86。

Beautiful program for geeks/programmers and it is free...

极客/程序员的美丽程序，它是免费的...

I have written a very simple tool that does exactly that - it's called PE Deconstructor.

我编写了一个非常简单的工具来完成这个任务——它被称为 PE 解构器。

Simply fire it up and load your DLL file:

只需启动它并加载您的 DLL 文件：

In the example above, the loaded DLL is 32-bit.

在上面的示例中，加载的 DLL 是 32 位的。

You can download it here (I only have the 64-bit version compiled ATM):
http://files.quickmediasolutions.com/exe/pedeconstructor_0.1_amd64.exe

你可以在这里下载（我只有64位版本编译的ATM）：http:
//files.quickmediasolutions.com/exe/pedeconstructor_0.1_amd64.exe

An older 32-bit version is available here:
http://dl.dropbox.com/u/31080052/pedeconstructor.zip

较旧的 32 位版本可在此处获得：http:
//dl.dropbox.com/u/31080052/pedeconstructor.zip